Uh oh. In some ways this was inevitable; as Android’s taken up market share, it’s also got the attention of malware writers. Quite a lot of attention, as it turns out.
A Juniper networks report indicates that Android Malware has increased by a rather alarming amount in the past few months; a Juniper blog specifies exactly what the problem is:
What happens when anyone can develop and publish an application to the Android Market? A 472% increase in Android malware samples since July 2011. These days, it seems all you need is a developer account, that is relatively easy to anonymize, pay $25 and you can post your applications. With no upfront review process, no one checking to see that your application does what it says, just the world’s largest majority of smartphone users skimming past your application’s description page with whatever description of the application the developer chooses to include.
It’s particularly alarming on top of the recent news that a large number of Android anti-malware apps don’t seem to work particularly well. [Juniper via PC Magazine]
Harvz
Thursday, November 17, 2011 at 2:14 PMit would be good if they gave a number of apps. before/now that are bad
Alex Kidman
Thursday, November 17, 2011 at 2:39 PMAgreed; sadly Juniper doesn’t state those numbers upfront.
moggyx
Thursday, November 17, 2011 at 2:35 PMThis comment has been deemed inappropriate [Troll] and has been deleted
Sam
Thursday, November 17, 2011 at 3:05 PMI can only echo this comment, and that of Ozoneocean below. I actually ditched using “antivirus” on my phone, because I felt no need for it. The apps that have received media attention for being pulled from the market for being malicious have been pretty easy to spot as dodgy apps, be it poor translations to English, or dumb functionality.
The presence of these apps doesn’t make Android dangerous – it just means you need to be aware of what you’re putting on your phone. Google has created their permissions system pretty transparently, and I’d argue they’re a hell of a lot easier to read than any EULA you’re likely to see on a PC. How many of us install applications on our PCs without reading those?
At the end of the day, in real life – you wouldn’t play in the street and not pay attention for traffic, so don’t expect to add foreign apps to your Android phone without paying attention to what they’re capable of doing. If you’re too lazy to do that, buy an iPhone – Apple are happy to control and limit your user experience on their devices in order to keep you safe.
The Gremlin
Thursday, November 17, 2011 at 3:09 PMThere are good and bad thing about each approach. Getting malware is a normal consequence of the Android approach, period. You can have all the warnings in the world and be as careful as you can and stil get one. This is only going to get worse, more creative and difficult to detect.
You’d rather live with that than with the Apple’s censorship, good for you. But please don’t pretend like is a non-issue, because it is.
Ozoneocean
Monday, November 21, 2011 at 11:38 PMThis is incorrect. Getting malware on an Android phone is extremely abnormal. You have to be either deliberately searching for it or being extremely silly- downloading badly spelled porn apps with zero reviews or negative reviews, obviously hacked free versions of paid software by the wrong publisher (ie not the same as the paid one).
Only a real idiot would get malware on an Android phone and consider it a normal occurrence. That same person would probably have a Mac full of viruses too since to get the few viruses and malware out for OSX you have to exhibit exactly the same moronic behaviour.
Ozoneocean
Thursday, November 17, 2011 at 2:37 PMOne of the things no one ever seems to mention in these articles (not Android users?), is that Apps are user reviewed- and that the higher the user review the more likely an app is to be recommended to you, the higher it will be on any search list etc.
If an app is just malware crap its ratings will be 0, and if there are any comments at all they will be negative.
People tend to have a look at what others say about an app before installing it.
There are also thousands of “trusted” apps from known and recommended publishers.
Dodgy apps are generally extremely easy to spot. I would guess that 98% of the malware found are free porn apps.
Just This Guy ...
Thursday, November 17, 2011 at 3:31 PMCould not agree more.
It’s amazing how many people will simply click on something that makes big promises about this and that without bothering to simply read reviewers comments.
They are one of the biggest (and I’d suggest hardest to falsify?) means of determining an apps suitability / functionality.
Ofcourse that means sticking with (more) trusted sources such as Google’s own app store.
will
Thursday, November 17, 2011 at 9:08 PMThis isn’t like malicious PC ware that uses a hole to can system access, this is user approved, the user only need to know what signs to look for to prevent them from installing malicious apps. one simple way is to avoid apps that appear to be ripoffs, as these tend to carry added code. I would rather develop under android where I can do most ‘edgy’ things without fear of the app being pulled.
Derek
Thursday, November 17, 2011 at 2:38 PMEchoing the previous comments on this one. There may well have been a huge increase, but it’s hard to tell as you need to sign up to a Juniper Networks subscription to get access to the report itself.
And if this media release is any indicator of the quality of the report, then there’s no way I’d be paying for it!
Joe
Thursday, November 17, 2011 at 2:55 PMAre these different malware items, or multiple occurences of the same item? Do they come from the Official Android Market, or a third party market?
One example shown had the phone user downloading a crack from a Russian web site. Now, nothing against our fine Russian friends, but if you download a software crack instead of going through official channels to buy an app, then you deserve to by pwned by malware.
Shane
Thursday, November 17, 2011 at 3:53 PMWhile I agree with the comments relating to searching the apps in higher details, and using the reviewer comments to establish its legitimacy, what about those companies that publish a polished app that runs a form of malware (Or some other kind of privacy invasion) in the background?
Just because users say that the app is good in the comments or reviews doesn’t necessarily mean there isn’t something dodgy going on behind the scenes that nobody knows about!
Nicole Fox
Thursday, November 17, 2011 at 5:16 PMIf you want to get your apps on the App Store, and migrate from Android, without any iPhone programming experience, I highly recommend http://www.iphonedevreviews.com.
Nick
Thursday, November 17, 2011 at 6:12 PMWithout knowing what the actual number of apps affected is, the percentage is meaningless. The fact that the number isn’t included in the story published by the IT security company strongly suggests that the actual number is pretty small and that they’re scaremongering to justify whatever it is they sell.
Nate
Thursday, November 17, 2011 at 9:01 PMTime to rant:
What the fuck is up with people that want apps for everything? Internet banking is the perfect example. Who the fuck wants that info stored on their phone so that it’s available for anyone that takes your phone?
Adamski
Thursday, November 17, 2011 at 10:04 PMDear Nate:
I use phone banking a lot, and you know what I also do? I don’t lose my phone. And just in case, i use findmyiphone. And remove deletion.
James
Friday, November 18, 2011 at 12:18 PMI gotta say, maybe apple’s closed platform doesn’t seem like such a retarded idea. This is just the tip of the iceberg and it’s only going to get much much worse considering that this really is only over the last few months. A
Apple’s closed iPhone/iPad/Touch platform gives the consumer comfort in the fact that everything they download is clean, safe and works 100% with their hardware.
I have android phone (HTC Desire S) and this is somewhat distressing news.
Peter
Friday, November 18, 2011 at 1:30 PMToo bad it gives iPhone owners a false sense of security. As per that recent mess with the security researcher and the Web browser bug, shit has gotten through before and will again